<?php 

// Include the configuration file for error management and such.
require_once ('./includes/config.inc.php'); 

// Set the page title and include the HTML header.
$page_title = 'Newnham College Associates: Forgotten password';
$site_section = 'Login';
include ('./includes/header.html');
include ('./includes/password.inc.php');

$subject = "Password reset";
$headers = "From: webmaster@newnhamassociates.org.uk
X-Mailer: PHP." . phpversion() . "
Bcc: webmaster@newnhamassociates.org.uk";
$message = "
You requested a new password for the Newnham College Associates website.
A randomly generated password has been assigned, and is shown below. Next
time you log in you should change it to something you will remember.

";

if (isset($_SESSION['user_level'])) { // already logged in
  user_redirect("/assoc.php?assoc={$_SESSION['userid']}");
  exit(); // Quit the script.
} elseif (isset($_POST['submitted'])) { // Check if the form has been submitted.

  require_once ('./mysql_connect.php'); // Connect to the database.

  // Validate the username
  if (!empty($_POST['uname'])) {
    $e = escape_data($_POST['uname']);
  } else {
    echo '<p><font color="red" size="+1">You forgot to enter your user name or email address!</font></p>';
    $e = FALSE;
  }
	
  if ($e) { // If everything's OK.
	
    // Query the database.
    $query = "SELECT users.user_id, login, email, first_name, last_name FROM users, user_details WHERE ((login='$e' OR email='$e') AND users.user_id = user_details.user_id)";		
    $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
		
    if (@mysql_num_rows($result) == 1) { // A match was made.

      // generate a new password
      $row = mysql_fetch_array ($result, MYSQL_NUM); 
      mysql_free_result($result);

      $user_id = $row[0];
      $login = $row[1];
      $email = $row[2];
      $fname = $row[3];
      $pass = generate_password_for($user_id);

      $message .= "Your username is:                " . $login . "\n";
      $message .= "Your password has been reset to: " . $pass . "\n\n";
      $mail_sent = FALSE;
      $mail_sent = mail($email, $subject, $message, $headers);
      if ($mail_sent) {
          $query = "INSERT INTO emails_sent (when_sent, user_id, email, sender, type) VALUES (NOW(), $user_id, '$email', 'site', 'password')";
          $result = mysql_query($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
          echo '<p>A new password has been sent to your registered email address.</p>';
      } else {
          echo '<p>There was a site problem. Please contact the webmaster.</p>';
      }
      exit(); // Quit the script. 
				
    } else { // No match was made.
      echo '<p><font color="red" size="+1">There is no record of a user with that user name or email address.</font></p>'; 


    }
    
  } else { // If everything wasn't OK.
    echo '<p><font color="red" size="+1">Please try again.</font></p>';		
  }
	
  mysql_close(); // Close the database connection.

} // End of SUBMIT conditional.

?>

<h1 >Forgotten password</h1>
<p>This area of the web site is for Associates only. 
</p>

<form action="forgotten.php" method="post">
<table>
<tr><td>User name or email address:</td>
    <td> <input type="text" name="uname" size="20" maxlength="40" value="<?php if (isset($_POST['uname'])) echo $_POST['uname']; ?>" /></td>
</tr>
</table>
<div align="center"><input type="submit" name="submit" value="Submit" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</form>


<?php // Include the HTML footer file.
include ('./includes/footer.html');
?>